CVE-2021-34387

MEDIUM Year: 2021
CVSS v3 Score
6.7
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-276
View all →

Vulnerability Description

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.

Related Vulnerabilities

CVE-2019-14510

MEDIUM
CVSS:6.7(Medium)

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server ...

CWE-2762019

CVE-2019-14718

MEDIUM
CVSS:6.7(Medium)

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

CWE-2762019

CVE-2020-0122

MEDIUM
CVSS:6.7(Medium)

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of pri...

CWE-2762020

CVE-2020-25593

MEDIUM
CVSS:6.7(Medium)

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

CWE-2762020

CVE-2020-29489

MEDIUM
CVSS:6.7(Medium)

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password ...

CWE-2762020

CVE-2020-8701

MEDIUM
CVSS:6.7(Medium)

Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-2762020